hub / github.com/PatchMon/PatchMon / ServeCreateTicket

Method ServeCreateTicket

server-source-code/internal/handler/rdp.go:133–343  ·  view source on GitHub ↗

ServeCreateTicket handles POST /auth/rdp-ticket.

(w http.ResponseWriter, r *http.Request)


131
132// ServeCreateTicket handles POST /auth/rdp-ticket.
133func (h *RDPHandler) ServeCreateTicket(w http.ResponseWriter, r *http.Request) {
134 userID, _ := r.Context().Value(middleware.UserIDKey).(string)
135 if userID == "" {
136 JSON(w, http.StatusUnauthorized, map[string]string{"error": "Unauthorized"})
137 return
138 }
139
140 var req struct {
141 HostID string `json:"hostId"`
142 Username string `json:"username"`
143 Password string `json:"password"`
144 Width int `json:"width,omitempty"`
145 Height int `json:"height,omitempty"`
146 }
147 if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
148 JSON(w, http.StatusBadRequest, map[string]string{"error": "Invalid request body"})
149 return
150 }
151 if req.HostID == "" {
152 JSON(w, http.StatusBadRequest, map[string]string{"error": "hostId is required"})
153 return
154 }
155
156 // Validate and clamp requested screen dimensions.
157 reqWidth, reqHeight := req.Width, req.Height
158 if reqWidth < 320 {
159 reqWidth = 1024
160 }
161 if reqHeight < 480 {
162 reqHeight = 768
163 }
164 if reqWidth > 8192 {
165 reqWidth = 8192
166 }
167 if reqHeight > 8192 {
168 reqHeight = 8192
169 }
170
171 user, err := h.users.GetByID(r.Context(), userID)
172 if err != nil || user == nil || !user.IsActive {
173 h.log.Info("rdp-ticket user not found or inactive", "user_id", userID)
174 JSON(w, http.StatusUnauthorized, map[string]string{"error": "User not found or inactive"})
175 return
176 }
177
178 canUseRemoteAccess, err := h.userCanUseRemoteAccess(r.Context(), user)
179 if err != nil {
180 h.log.Warn("rdp-ticket permission lookup failed", "user_id", userID, "role", user.Role, "error", err)
181 JSON(w, http.StatusInternalServerError, map[string]string{"error": "Failed to verify permissions"})
182 return
183 }
184 if !canUseRemoteAccess {
185 h.log.Info("rdp-ticket access denied", "user_id", userID, "role", user.Role)
186 JSON(w, http.StatusForbidden, map[string]string{"error": "Access denied"})
187 return
188 }
189
190 host, err := h.hosts.GetByID(r.Context(), req.HostID)

Callers

nothing calls this directly

Calls 15

isWindowsHostFunction · 0.85
classifyAgentErrorFunction · 0.85
ErrorMethod · 0.80
SendToAgentMethod · 0.80
WaitAgentReadyMethod · 0.80
SendDisconnectMethod · 0.80
EmitEventMethod · 0.80
JSONFunction · 0.70
DBMethod · 0.65
ValueMethod · 0.45
GetByIDMethod · 0.45

Tested by

no test coverage detected